Introduction

 

Welcome to Dr. Edgar Mocanu Unlimited (“we”/”our”/”us”) privacy policy. 

 

We respect your privacy and we are committed to protecting your personal data.  This privacy policy will inform you as to how we look after your personal data when you visit our website and attend our practice and will tell you about your privacy rights and how the law protects you. 

 

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.  This privacy policy supplements other notices and privacy policies and is not intended to override them.

 

Important Information About Us

 

We are the controller responsible for your personal data i.e. the party under data protection law who is responsible for handling your personal data.  We are Dr. Edgar Mocanu Unlimited, private unlimited company, with a registered office at 6b Upper Water Street, Newry, Co. Down, Northern Ireland, BT34 1DJ, and company number NI604N80.

 

We are not required to appoint a Data Protection Officer, however if you have any questions about this privacy policy, including any request  to exercise your legal rights, please contact us using the contact details set out below; 

 

Postal address: Rotunda Private Clinic, Rotunda Hospital, Parnell Square, Dublin 1, Ireland.

Telephone: 00 353 1 8289528

Email: lkeane@rotunda.ie

 

You have the right to make a complaint at any time to the Data Protection Commission Office, the Irish Supervisory Authority for Data Protection issues (www.dataprotection.ie).  We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Commissioner so please contact us in the first instance. 

 

We will keep our privacy policy under regular review. 

 

It is important that the personal data we hold about you is accurate and current.  Please keep us informed if your personal data changes, during your attendance with us for medical services.

 

Data we Collect About You

 

Personal data, means any information about an individual from which that individual can be identified.  It does not include data where the identity has been removed (anonymous data). 

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows;

 

• Identity data includes; first name, maiden name, last name, marital status, title, date of birth and gender;

 

• Contact data includes; billing address, email address and telephone numbers;

 

• Financial data includes; bank account and payment card details;

 

• Genetic data includes; data relating to your inherited or acquired genetic characteristics;

 

• Data concerning your health includes; data related to your physical and mental health including the provision of healthcare services which reveal information about your health status;

 

• Data related to you medical background; including information about recent infections, including COVID 19 infection or risk of exposure and any testing related to this or other viral agents, including communication with third parties.

 

We may also collect, use and share aggregate data such as statistical data for any purpose.  Aggregate data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.  If however, we combine or connect aggregate data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data which will be used in accordance with this privacy policy.  

 

If You Fail to Provide Personal Data

 

Where we need to collect personal data in order to make a medical diagnosis or for the purposes of providing safe and responsible healthcare services to you or others attending the services, and you fail to provide that data when requested, we may not be able to make such a medical diagnosis or provide the requested healthcare services to you.  We will notify you at the time if this is the case. 

 

How is Your Personal Data Collected

 

We use different methods to collect data from and about you including through;

 

• Direct interactions; you may give us your personal data by filling in forms or corresponding with us by post, phone, email, online, Apps or otherwise and by providing information to us at any medical examination.

 

• Information from test or medical examinations; we may collect information about your health and genetic information when carrying out a medical examination or when carrying out medical testing for the purposes of providing health care services to you.

 

• Third parties; we will receive personal data about you from various third parties including your spouse/partner, general practitioner, laboratories, hospitals and other healthcare providers.

 

How We Use Your Personal Data 

We will only use your personal data when the law allows us to.  We will use your personal data in the following circumstances:

 

• Where the processing is necessary for the purposes of preventative or occupational medicine, medical diagnosis and the provision of health treatment and the management of your health and the health of other parties attending the services.

 

• Where it is necessary to manage our everyday business needs, including accounting, security, collecting payments and to prevent fraud, in our legitimate interests. The legitimate interest is the efficient operation of our medical practice and your fundamental rights and freedoms do not override that interest.  We make sure to consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.

 

• We may process your information where we need to comply with a legal obligation to which we are subject to.

 

• We may process your information where it is necessary to protect your vital interests or those of another person where you or that person are physically or legally incapable of giving consent.

 

Cookies

 

You can set your browser to refuse all or some browsing cookies, or to alert you when a website sets or accesses cookies.  If you disable or refuse cookies, please note that some part of this website may become inaccessible and not function properly.  For more information about the cookies we use on our website, please see cookie policy. 

Disclosure of Personal Data

 

We may share your personal data with the parties set out below;

 

• Third party service providers; we may share your personal information with third party service providers that perform services and functions on our behalf such as our accountants, lawyers, business advisors, IT service providers, online booking service provider, secretaries, laboratories and providers of security and administration services.

 

• The Rotunda Hospital; we may share your personal information with the Rotunda Hospital for the purposes of provision of services by the Rotunda to us, in our private rooms including secretarial, administrative and typing services. Where you are admitted to the Rotunda as a patient, we may share your personal information with the Rotunda for the purposes of providing healthcare services to you. 

 

• The Bon Secours Hospital; we may share your personal information with the Bon Secours Hospital where we provide healthcare services to you there.

 

• The Mater Private Hospital; we may share your personal information with the Bon Secours Hospital where we provide healthcare services to you there.

 

• Other healthcare professionals and service providers; we may disclose your personal data to other healthcare professionals and service providers who are or have treated you where such a healthcare professional or service provider requires knowledge of that information, for the purposes of preventative or occupational medicine, medical diagnosis and for the provision of health care services.

 

• To any party whom you have specifically requested and consented to your information being shared with, including your spouse or partner.

 

• The Revenue Commissioners, regulators and other government authorities based in Ireland who require reporting of processing activities in certain circumstances.

 

Where we transfer your information to a third party and that third party is also a controller, they may advise your separately of how they process your personal information. 

 

International Transfers

 

We may transfer your personal data outside the European Economic Area (EEA).  These countries do not always afford an equivalent level of privacy protection and in such circumstances we will take specific steps, in accordance with data protection law, to protect your personal information.  In particular, for transfers of personal data outside the EEA where there is no adequacy decision by the European Commission we may rely on contractual provisions approved by the European Commission.  Where we transfer your personal information to providers based in the US, we may transfer data to them if they are part of the privacy shield which requires them to provide similar protection to personal data shared between Europe and the US.

 

Please contact us if you want further information on specific mechanisms used by us when transferring your personal data out of the EEA.

 

Data Security

 

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  In addition we limit access to your personal data to those employees, agents, contractors and other third parties who have a need to know.  They will only process your personal data on my instructions and they are subject to a duty of confidentiality. 

 

We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a breach when we are legally required to do so. 

 

Data Retention

 

We will retain your health related information for the retention period set out in accordance with the HSE policy on record retention periods.

 

In addition by law we have to keep basic information about my patients including contact, identity, financial and payment details for six years from the date of payment for tax purposes. 

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information without further notice to you. 

 

Your Legal Rights

 

Under certain circumstances, you have rights under data protection law in relation to your personal data.  You have the right to;

 

• Request access to your personal data (commonly known as a data subject access request). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;

 

• Request correction of personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us;

 

• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.  You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with a legal obligation.  Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable at the time of your request. 

 

• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes and where you do so we will stop processing your information for direct marketing immediately.  In some cases, we may demonstrate that we have a compelling legitimate ground to process your information which overrides your rights and freedoms.

 

• Request restriction of your processing for your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios;

 

• If you want us to establish the data’s accuracy;

 

• Where our use of the data is unlawful but you do not want us to erase it;

 

• Where you need us to hold the data even if we no longer require it;

 

• If you need to establish, exercise or defend a legal claim;

 

• You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;Request the transfer of your personal data to you or a third party. We will provide you, or a third party you have chosen, with your personal data in a structured, commonly used machine readable format.  Note that this right only applies to automated information which you initially provided consent for us to use or where we used that information to perform a contract with you. 

• Please note that in some circumstances the rights set out above are limited under data protection law.  If you wish to exercise any of these rights please contact us at the details set out above.

   

  We will endeavour to respond to your request within one month.  If we are unable to deal with your request within one month we may extend this period by a further two months and will explain why. 

   

  You also have the right to lodge a complaint to the Office of the Data Protection Commission.  Please visit www.dataprotection.ie for more information. 

   

  You will not have to pay a fee to access your personal data (or to exercise any other rights).  However we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.  Alternatively we could refuse to comply with your request in these circumstances.

   

  We may need to request specific information from you to help me confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).  This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.  We may also contact you to ask for further information in relation to your request to speed up our response. 

   

  Third Party Websites

   

  Our website may include links to third party websites, plugins and applications.  Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third party websites and we are not responsible for their privacy statements.  When you leave our website, we encourage you to read the privacy policy of every website you visit. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.  If you withdraw your consent, we may not be able to provide certain services to you.  We will advise you if this is the case at the time you withdraw your consent.